Merge remote-tracking branch 'origin/master' into topic/johanna/table-changes

* origin/master: (47 commits)
  scan.l: Remove "constant" did_module_restore logic
  Fix FreeBSD CI script to install right SWIG package
  Update submodule(s)
  GH-928: use realpath() instead of inode to de-duplicate scripts
  Update submodule(s)
  GH-1040: Add zero-indexed version of str_split
  Fix WhileStmt to call Stmt(Tag) ctor
  GH-1041: Move compress_path to a bif that uses normalize_path
  Update submodule(s)
  Update submodule(s)
  Update submodule(s)
  Fix --enable-mobile-ipv6 build
  Fix namespace of GetCurrentLocation() to zeek::detail
  Add backtrace() and print_backtrace()
  Rename BroString files to ZeekString
  Update NEWS entry with note about class renames
  Rename BroObj to Obj
  Rename BroString to zeek::String
  Move Func up to zeek namespace, rename BroFunc to ScriptFunc
  Mark global val_mgr as deprecated and fix uses of it to use namespaced version
  ...

scripts/base/frameworks/logging/main.zeek

@@ -80,7 +80,7 @@ export {
 	## If :zeek:see:`Log::print_to_log` is set to redirect, ``print`` statements will
 	## automatically populate log entries with the fields contained in this record.
 	type PrintLogInfo: record {
-		## Current timestamp.
+		## The network time at which the print statement was executed.
 		ts:                  time              &log;
 		## Set of strings passed to the print statement.
 		vals:                string_vec        &log;

scripts/base/init-bare.zeek

@@ -772,7 +772,7 @@ type record_field_table: table[string] of record_field;
 
 ## Meta-information about a parameter to a function/event.
 ##
-## .. zeek:see:: call_argument_vector new_event
+## .. zeek:see:: call_argument_vector new_event backtrace print_backtrace
 type call_argument: record {
 	name: string;	##< The name of the parameter.
 	type_name: string;	##< The name of the parameters's type.
@@ -786,9 +786,28 @@ type call_argument: record {
 
 ## Vector type used to capture parameters of a function/event call.
 ##
-## .. zeek:see:: call_argument new_event
+## .. zeek:see:: call_argument new_event backtrace print_backtrace
 type call_argument_vector: vector of call_argument;
 
+## A representation of an element in a Zeek script's call stack.
+##
+## .. zeek:see:: backtrace print_backtrace
+type BacktraceElement: record {
+	## The name of the function being called at this point in the call stack.
+	function_name: string;
+	## The arguments passed to the function being called.
+	function_args: call_argument_vector;
+	## The file in which the function call is being made.
+	file_location: string &optional;
+	## The line number at which the function call is being made.
+	line_location: count &optional;
+};
+
+## A representation of a Zeek script's call stack.
+##
+## .. zeek:see:: backtrace print_backtrace
+type Backtrace: vector of BacktraceElement;
+
 # todo:: Do we still need these here? Can they move into the packet filter
 # framework?
 #

scripts/base/init-default.zeek

@@ -7,6 +7,7 @@
 @load base/utils/site
 @load base/utils/active-http
 @load base/utils/addrs
+@load base/utils/backtrace
 @load base/utils/conn-ids
 @load base/utils/dir
 @load base/utils/directions-and-hosts

scripts/base/protocols/conn/polling.zeek

@@ -26,14 +26,14 @@ export {
 			       cnt: count, i: interval);
 }
 
-event ConnPolling::check(c: connection,
+event ConnPolling::check(id: conn_id,
 			 callback: function(c: connection, cnt: count): interval,
 			 cnt: count)
 	{
-	if ( ! connection_exists(c$id) )
+	if ( ! connection_exists(id) )
 		return;
 
-	lookup_connection(c$id); # updates the conn val
+	local c = lookup_connection(id); # updates the conn val
 
 	local next_interval = callback(c, cnt);
 	if ( next_interval < 0secs )
@@ -46,5 +46,6 @@ function watch(c: connection,
 	       callback: function(c: connection, cnt: count): interval,
 	       cnt: count, i: interval)
 	{
-	schedule i { ConnPolling::check(c, callback, cnt) };
+	local id = c$id;
+	schedule i { ConnPolling::check(id, callback, cnt) };
 	}

scripts/base/protocols/ssh/main.zeek

@@ -242,7 +242,7 @@ event ssh_capabilities(c: connection, cookie: string, capabilities: Capabilities
 	                                               server_caps$mac_algorithms);
 	c$ssh$compression_alg = find_bidirectional_alg(client_caps$compression_algorithms,
 	                                               server_caps$compression_algorithms);
-	c$ssh$kex_alg         = find_alg(client_caps$kex_algorithms, server_caps$kex_algorithms);	
+	c$ssh$kex_alg         = find_alg(client_caps$kex_algorithms, server_caps$kex_algorithms);
 	c$ssh$host_key_alg    = find_alg(client_caps$server_host_key_algorithms,
 	                                 server_caps$server_host_key_algorithms);
 	}
@@ -288,9 +288,8 @@ function generate_fingerprint(c: connection, key: string)
 	if ( !c?$ssh )
 		return;
 
-	local lx = str_split(md5_hash(key), vector(2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30));
-	lx[0] = "";
-	c$ssh$host_key = sub(join_string_vec(lx, ":"), /:/, "");
+	local lx = str_split_indices(md5_hash(key), vector(2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30));
+	c$ssh$host_key = join_string_vec(lx, ":");
 	}
 
 event ssh1_server_host_key(c: connection, p: string, e: string) &priority=5

scripts/base/utils/addrs.zeek

@@ -126,14 +126,14 @@ function normalize_mac(a: string): string
 
 	if ( |result| == 12 )
 		{
-		octets = str_split(result, vector(2, 4, 6, 8, 10));
-		return fmt("%s:%s:%s:%s:%s:%s", octets[1], octets[2], octets[3], octets[4], octets[5], octets[6]);
+		octets = str_split_indices(result, vector(2, 4, 6, 8, 10));
+		return fmt("%s:%s:%s:%s:%s:%s", octets[0], octets[1], octets[2], octets[3], octets[4], octets[5]);
 		}
 
 	if ( |result| == 16 )
 		{
-		octets = str_split(result, vector(2, 4, 6, 8, 10, 12, 14));
-		return fmt("%s:%s:%s:%s:%s:%s:%s:%s", octets[1], octets[2], octets[3], octets[4], octets[5], octets[6], octets[7], octets[8]);
+		octets = str_split_indices(result, vector(2, 4, 6, 8, 10, 12, 14));
+		return fmt("%s:%s:%s:%s:%s:%s:%s:%s", octets[0], octets[1], octets[2], octets[3], octets[4], octets[5], octets[6], octets[7]);
 		}
 
 	return "";

scripts/base/utils/backtrace.zeek

@@ -0,0 +1,78 @@
+## Prints a Zeek function call stack.
+##
+## show_args: whether to print function argument names/types/values.
+##
+## one_line: whether to print the stack in a single line or multiple.
+##
+## one_line_delim: delimiter between stack elements if printing to one line.
+##
+## skip: the number of call stack elements to skip past, starting from zero,
+##       with that being the call to this function.
+##
+## to_file: the file to which the call stack will be printed.
+##
+## .. zeek:see:: backtrace
+function print_backtrace(show_args: bool &default=F,
+                         one_line: bool &default=F,
+                         one_line_delim: string &default="|",
+                         skip: count &default=1,
+                         to_file: file &default=open("/dev/stdout"))
+	{
+	local bt = backtrace();
+	local vs: vector of string = vector();
+	local orig_skip = skip;
+
+	for ( i in bt )
+		{
+		if ( skip > 0 )
+			{
+			--skip;
+			next;
+			}
+
+		local bte = bt[i];
+
+		local info = fmt("%s(", bte$function_name);
+
+		if ( show_args )
+			for ( ai in bte$function_args )
+				{
+				local arg = bte$function_args[ai];
+
+				if ( ai > 0 )
+					info += ", ";
+
+				info += fmt("%s: %s", arg$name, arg$type_name);
+
+				if ( arg?$value )
+					info += fmt(" = %s", arg$value);
+				}
+
+		info += ")";
+
+		if ( bte?$file_location )
+			info += fmt(" at %s:%s", bte$file_location, bte$line_location);
+
+		vs += fmt("#%s: %s", i - orig_skip, info);
+		}
+
+	if ( one_line )
+		{
+		local line = "";
+
+		for ( vsi in vs )
+			{
+			line += one_line_delim + " " + vs[vsi] + " ";
+
+			if ( vsi == |vs| - 1 )
+				line += one_line_delim;
+			}
+
+		print to_file, line;
+		}
+	else
+		{
+		for ( vsi in vs )
+			print to_file, vs[vsi];
+		}
+	}

scripts/base/utils/paths.zeek

@@ -21,45 +21,6 @@ function extract_path(input: string): string
 	return parts[1];
 	}
 
-## Compresses a given path by removing '..'s and the parent directory it
-## references and also removing dual '/'s and extraneous '/./'s.
-##
-## dir: a path string, either relative or absolute.
-##
-## Returns: a compressed version of the input path.
-function compress_path(dir: string): string
-	{
-	const cdup_sep = /((\/)*([^\/]|\\\/)+)?((\/)+\.\.(\/)*)/;
-
-	local parts = split_string_n(dir, cdup_sep, T, 1);
-	if ( |parts| > 1 )
-		{
-		# reaching a point with two parent dir references back-to-back means
-		# we don't know about anything higher in the tree to pop off
-		if ( parts[1] == "../.." )
-			return join_string_vec(parts, "");
-		if ( sub_bytes(parts[1], 0, 1) == "/" )
-			parts[1] = "/";
-		else
-			parts[1] = "";
-		dir = join_string_vec(parts, "");
-		return compress_path(dir);
-		}
-
-	const multislash_sep = /(\/\.?){2,}/;
-	parts = split_string_all(dir, multislash_sep);
-	for ( i in parts )
-		if ( i % 2 == 1 )
-			parts[i] = "/";
-	dir = join_string_vec(parts, "");
-
-	# remove trailing slashes from path
-	if ( |dir| > 1 && sub_bytes(dir, |dir|, 1) == "/" )
-		dir = sub_bytes(dir, 0, |dir| - 1);
-
-	return dir;
-	}
-
 ## Constructs a path to a file given a directory and a file name.
 ##
 ## dir: the directory in which the file lives.